ID: USN-319-2
Type: ubuntu
Reporter: Ubuntu
Modified: 2006-07-19T00:00:00

Description

USN-319-1 fixed a Linux kernel vulnerability in Ubuntu 6.06 LTS. This
followup advisory provides the corresponding updates for Ubuntu 5.04
and 5.10.

For reference, these are the details of the original USN:

A race condition has been discovered in the file permission handling
of the /proc file system. A local attacker could exploit this to
execute arbitrary code with full root privileges.
{"cve": [{"lastseen": "2021-02-02T05:27:22", "description": "Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.", "edition": 4, "cvss3": {}, "published": "2006-07-18T15:46:00", "title": "CVE-2006-3626", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-3626"], "modified": "2018-10-18T16:48:00", "cpe": ["cpe:/o:linux:linux_kernel:2.6.16.4", "cpe:/o:linux:linux_kernel:2.6.16.15", "cpe:/o:linux:linux_kernel:2.6.16.3", "cpe:/o:linux:linux_kernel:2.6.16.20", "cpe:/o:linux:linux_kernel:2.6.16.9", "cpe:/o:linux:linux_kernel:2.6.16.10", "cpe:/o:linux:linux_kernel:2.6.16.22", "cpe:/o:linux:linux_kernel:2.6.16.5", "cpe:/o:linux:linux_kernel:2.6.16.18", "cpe:/o:linux:linux_kernel:2.6.17.2", "cpe:/o:linux:linux_kernel:2.6.16.21", "cpe:/o:linux:linux_kernel:2.6.17.1", "cpe:/o:linux:linux_kernel:2.6.16.19", "cpe:/o:linux:linux_kernel:2.6.16.14", "cpe:/o:linux:linux_kernel:2.6.16.12", "cpe:/o:linux:linux_kernel:2.6.16.8", "cpe:/o:linux:linux_kernel:2.6.16.17", "cpe:/o:linux:linux_kernel:2.6.16.1", "cpe:/o:linux:linux_kernel:2.6.17.3", "cpe:/o:linux:linux_kernel:2.6.16.7", "cpe:/o:linux:linux_kernel:2.6.16.16", "cpe:/o:linux:linux_kernel:2.6.16.2", "cpe:/o:linux:linux_kernel:2.6.17", "cpe:/o:linux:linux_kernel:2.6.16", "cpe:/o:linux:linux_kernel:2.6.16.24", "cpe:/o:linux:linux_kernel:2.6.17.4", "cpe:/o:linux:linux_kernel:2.6.16.6", 
"cpe:/o:linux:linux_kernel:2.6.16.11", "cpe:/o:linux:linux_kernel:2.6.16.23", "cpe:/o:linux:linux_kernel:2.6.16.13"], "id": "CVE-2006-3626", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3626", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:2.6.16:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17:rc2:*:*:*:*:*:*", 
"cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.17.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:2.6.16.8:*:*:*:*:*:*:*"]}], "canvas": [{"lastseen": "2019-05-29T17:19:20", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-3626"], "description": "**Name**| PROCFS \n---|--- \n**CVE**| CVE-2006-3626 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| PROCFS \n**Notes**| CVSS: 6.2 \nDate public: \nVENDOR: Linux \nCVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3626 \nCVE Name: CVE-2006-3626 \n\n", "edition": 2, "modified": "2006-07-18T15:46:00", "published": "2006-07-18T15:46:00", "id": "PROCFS", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/PROCFS", "type": "canvas", "title": "Immunity Canvas: PROCFS", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:22:26", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3626"], "description": "A race condition has been discovered in the file permission handling \nof the /proc file system. 
A local attacker could exploit this to \nexecute arbitrary code with full root privileges.", "edition": 6, "modified": "2006-07-18T00:00:00", "published": "2006-07-18T00:00:00", "id": "USN-319-1", "href": "https://ubuntu.com/security/notices/USN-319-1", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:23", "bulletinFamily": "software", "cvelist": ["CVE-2006-3626"], "edition": 1, "description": "## Vulnerability Description\nLinux kernel contains a flaw that may allow local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root. The issue is triggered by a race condition occurs in '/proc' when changing file status. This flaw may lead to a loss of integrity.\n## Technical Description\nThe reported exploit runs successfully only on Linux kernel that supports the a.out (assembler output) binary format.\n## Solution Description\nUpgrade to version 2.6.17.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nLinux kernel contains a flaw that may allow local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root. The issue is triggered by a race condition occurs in '/proc' when changing file status. 
This flaw may lead to a loss of integrity.\n## References:\nVendor Specific Solution URL: http://www.kernel.org/pub/linux/kernel/v2.6/\nVendor Specific News/Changelog Entry: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973\n[Vendor Specific Advisory URL](http://lists.rpath.com/pipermail/security-announce/2006-July/000057.html)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Jul/0008.html)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-319-1)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Aug/0005.html)\n[Secunia Advisory ID:21041](https://secuniaresearch.flexerasoftware.com/advisories/21041/)\n[Secunia Advisory ID:21123](https://secuniaresearch.flexerasoftware.com/advisories/21123/)\n[Secunia Advisory ID:21179](https://secuniaresearch.flexerasoftware.com/advisories/21179/)\n[Secunia Advisory ID:21498](https://secuniaresearch.flexerasoftware.com/advisories/21498/)\n[Secunia Advisory ID:21057](https://secuniaresearch.flexerasoftware.com/advisories/21057/)\n[Secunia Advisory ID:21073](https://secuniaresearch.flexerasoftware.com/advisories/21073/)\n[Secunia Advisory ID:21119](https://secuniaresearch.flexerasoftware.com/advisories/21119/)\n[Secunia Advisory ID:21605](https://secuniaresearch.flexerasoftware.com/advisories/21605/)\n[Secunia Advisory ID:22174](https://secuniaresearch.flexerasoftware.com/advisories/22174/)\nRedHat RHSA: RHSA-2006:0617\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:124\nOther Advisory URL: http://www.us.debian.org/security/2006/dsa-1111\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0310.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0317.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0324.html\nMail 
List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0313.html\nISS X-Force ID: 27790\nGeneric Exploit URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060714/c403c6c1/h00lyshit.bin\nFrSIRT Advisory: ADV-2006-2816\n[CVE-2006-3626](https://vulners.com/cve/CVE-2006-3626)\nBugtraq ID: 18992\n", "modified": "2006-07-17T02:34:11", "published": "2006-07-17T02:34:11", "href": "https://vulners.com/osvdb/OSVDB:27120", "id": "OSVDB:27120", "title": "Linux Kernel /proc/self/environ prctl Race Condition Local Privilege Escalation", "type": "osvdb", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-06T09:44:39", "description": "It was discovered that a race condition in the process filesystem can\nlead to privilege escalation.\n\nThe following matrix explains which kernel version for which\narchitecture fixes the problem mentioned above :\n\n Debian 3.1 (sarge) \n Source 2.6.8-16sarge4 \n Alpha architecture 2.6.8-16sarge4 \n AMD64 architecture 2.6.8-16sarge4 \n Intel IA-32 architecture 2.6.8-16sarge4 \n Intel IA-64 architecture 2.6.8-14sarge4 \n PowerPC architecture 2.6.8-12sarge4 \n Sun Sparc architecture 2.6.8-15sarge4 \n IBM S/390 2.6.8-5sarge4 \n Motorola 680x0 2.6.8-4sarge4 \n HP Precision 2.6.8-6sarge3 \n FAI 1.9.1sarge3 \nThe initial advisory lacked builds for the IBM S/390, Motorola 680x0\nand HP Precision architectures, which are now provided. 
Also, the\nkernels for the FAI installer have been updated.", "edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-1111-2 : kernel-source-2.6.8 - race condition", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3626"], "modified": "2006-10-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "p-cpe:/a:debian:debian_linux:kernel-source-2.6.8"], "id": "DEBIAN_DSA-1111.NASL", "href": "https://www.tenable.com/plugins/nessus/22653", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1111. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22653);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-3626\");\n script_xref(name:\"DSA\", value:\"1111\");\n\n script_name(english:\"Debian DSA-1111-2 : kernel-source-2.6.8 - race condition\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that a race condition in the process filesystem can\nlead to privilege escalation.\n\nThe following matrix explains which kernel version for which\narchitecture fixes the problem mentioned above :\n\n Debian 3.1 (sarge) \n Source 2.6.8-16sarge4 \n Alpha architecture 2.6.8-16sarge4 \n AMD64 architecture 2.6.8-16sarge4 \n Intel IA-32 architecture 2.6.8-16sarge4 \n Intel IA-64 architecture 2.6.8-14sarge4 \n PowerPC architecture 2.6.8-12sarge4 \n Sun Sparc architecture 2.6.8-15sarge4 \n IBM S/390 2.6.8-5sarge4 \n Motorola 680x0 2.6.8-4sarge4 \n HP Precision 
2.6.8-6sarge3 \n FAI 1.9.1sarge3 \nThe initial advisory lacked builds for the IBM S/390, Motorola 680x0\nand HP Precision architectures, which are now provided. Also, the\nkernels for the FAI installer have been updated.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2006/dsa-1111\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the kernel package immediately and reboot the machine. If you\nhave built a custom kernel from the kernel source package, you will\nneed to rebuild to take advantage of these fixes.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-source-2.6.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"fai-kernels\", reference:\"1.9.1sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-build-2.6.8-3\", reference:\"2.6.8-15sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-build-2.6.8-3-power3\", reference:\"2.6.8-12sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-build-2.6.8-3-power3-smp\", reference:\"2.6.8-12sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-build-2.6.8-3-power4\", reference:\"2.6.8-12sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-build-2.6.8-3-power4-smp\", reference:\"2.6.8-12sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-build-2.6.8-3-powerpc\", reference:\"2.6.8-12sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-build-2.6.8-3-powerpc-smp\", reference:\"2.6.8-12sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-doc-2.6.8\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6-itanium\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6-itanium-smp\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6-mckinley\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6-mckinley-smp\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-12\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-12-amd64-generic\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-12-amd64-k8\", 
reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-12-amd64-k8-smp\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-12-em64t-p4\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-12-em64t-p4-smp\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3\", reference:\"2.6.8-15sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-32\", reference:\"2.6.8-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-32-smp\", reference:\"2.6.8-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-386\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-64\", reference:\"2.6.8-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-64-smp\", reference:\"2.6.8-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-686\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-686-smp\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-generic\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-itanium\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-itanium-smp\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-k7\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-k7-smp\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-mckinley\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", 
prefix:\"kernel-headers-2.6.8-3-mckinley-smp\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-smp\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-sparc32\", reference:\"2.6.8-15sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-sparc64\", reference:\"2.6.8-15sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-headers-2.6.8-3-sparc64-smp\", reference:\"2.6.8-15sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6-itanium\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6-itanium-smp\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6-mckinley\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6-mckinley-smp\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-12-amd64-generic\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-12-amd64-k8\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-12-amd64-k8-smp\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-12-em64t-p4\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-12-em64t-p4-smp\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-32\", reference:\"2.6.8-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-32-smp\", reference:\"2.6.8-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-386\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-64\", reference:\"2.6.8-6sarge3\")) 
flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-64-smp\", reference:\"2.6.8-6sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-686\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-686-smp\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-generic\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-itanium\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-itanium-smp\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-k7\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-k7-smp\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-mckinley\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-mckinley-smp\", reference:\"2.6.8-14sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-power3\", reference:\"2.6.8-12sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-power3-smp\", reference:\"2.6.8-12sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-power4\", reference:\"2.6.8-12sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-power4-smp\", reference:\"2.6.8-12sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-powerpc\", reference:\"2.6.8-12sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-powerpc-smp\", reference:\"2.6.8-12sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-s390\", reference:\"2.6.8-5sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-s390-tape\", 
reference:\"2.6.8-5sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-s390x\", reference:\"2.6.8-5sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-smp\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-sparc32\", reference:\"2.6.8-15sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-sparc64\", reference:\"2.6.8-15sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-3-sparc64-smp\", reference:\"2.6.8-15sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-amiga\", reference:\"2.6.8-4sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-atari\", reference:\"2.6.8-4sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-bvme6000\", reference:\"2.6.8-4sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-hp\", reference:\"2.6.8-4sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-mac\", reference:\"2.6.8-4sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-mvme147\", reference:\"2.6.8-4sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-mvme16x\", reference:\"2.6.8-4sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-q40\", reference:\"2.6.8-4sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-image-2.6.8-sun3\", reference:\"2.6.8-4sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-patch-2.6.8-s390\", reference:\"2.6.8-5sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-patch-debian-2.6.8\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-source-2.6.8\", reference:\"2.6.8-16sarge4\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"kernel-tree-2.6.8\", reference:\"2.6.8-16sarge4\")) flag++;\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:30:39", "description": "A race condition has been discovered in the file permission handling\nof the /proc file system. A local attacker could exploit this to\nexecute arbitrary code with full root privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2007-11-10T00:00:00", "title": "Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerability (USN-319-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3626"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server", 
"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-319-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-319-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27895);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-3626\");\n script_bugtraq_id(18992);\n script_xref(name:\"USN\", value:\"319-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerability (USN-319-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition has been discovered in the file permission handling\nof the /proc file system. A local attacker could exploit this to\nexecute arbitrary code with full root privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/319-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.15\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2006-3626\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-319-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-doc-2.6.15\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-26\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-26-386\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-26-686\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-26-amd64-generic\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-26-amd64-k8\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-26-amd64-server\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-26-amd64-xeon\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-headers-2.6.15-26-server\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", 
pkgname:\"linux-image-2.6.15-26-386\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-26-686\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-26-amd64-generic\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-26-amd64-k8\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-26-amd64-server\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-26-amd64-xeon\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-image-2.6.15-26-server\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-kernel-devel\", pkgver:\"2.6.15-26.45\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"linux-source-2.6.15\", pkgver:\"2.6.15-26.45\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc-2.6.15 / linux-headers-2.6 / linux-headers-2.6-386 / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:30:40", "description": "USN-319-1 fixed a Linux kernel vulnerability in Ubuntu 6.06 LTS. This\nfollowup advisory provides the corresponding updates for Ubuntu 5.04\nand 5.10.\n\nFor reference, these are the details of the original USN :\n\nA race condition has been discovered in the file permission handling\nof the /proc file system. A local attacker could exploit this to\nexecute arbitrary code with full root privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.04 / 5.10 : linux-source-2.6.10, linux-source-2.6.12 vulnerability (USN-319-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3626"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.12", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon", "p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.12", "p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10", "p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.12", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10", "p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.12", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686", "p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386"], "id": "UBUNTU_USN-319-2.NASL", "href": "https://www.tenable.com/plugins/nessus/27896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-319-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27896);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2006-3626\");\n script_bugtraq_id(18992);\n script_xref(name:\"USN\", value:\"319-2\");\n\n script_name(english:\"Ubuntu 5.04 / 5.10 : linux-source-2.6.10, linux-source-2.6.12 vulnerability (USN-319-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-319-1 fixed a Linux kernel vulnerability in Ubuntu 6.06 LTS. This\nfollowup advisory provides the corresponding updates for Ubuntu 5.04\nand 5.10.\n\nFor reference, these are the details of the original USN :\n\nA race condition has been discovered in the file permission handling\nof the /proc file system. A local attacker could exploit this to\nexecute arbitrary code with full root privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-doc-2.6.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-686-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-k8-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-686-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-k8-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-amd64-xeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-patch-ubuntu-2.6.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-2.6.12\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tree-2.6.12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. 
/ NASL script (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.04|5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.04 / 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-doc-2.6.10\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-386\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-686\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-686-smp\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-amd64-generic\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-amd64-k8\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-amd64-k8-smp\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-headers-2.6.10-6-amd64-xeon\", pkgver:\"2.6.10-34.22\")) 
flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-386\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-686\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-686-smp\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-amd64-generic\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-amd64-k8\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-amd64-k8-smp\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-image-2.6.10-6-amd64-xeon\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-patch-ubuntu-2.6.10\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-source-2.6.10\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"linux-tree-2.6.10\", pkgver:\"2.6.10-34.22\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-doc-2.6.12\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-386\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-686\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-686-smp\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-amd64-generic\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-amd64-k8\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-amd64-k8-smp\", pkgver:\"2.6.12-10.36\")) flag++;\nif 
(ubuntu_check(osver:\"5.10\", pkgname:\"linux-headers-2.6.12-10-amd64-xeon\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-386\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-686\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-686-smp\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-amd64-generic\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-amd64-k8\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-amd64-k8-smp\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-image-2.6.12-10-amd64-xeon\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-patch-ubuntu-2.6.12\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-source-2.6.12\", pkgver:\"2.6.12-10.36\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"linux-tree-2.6.12\", pkgver:\"2.6.12-10.36\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-doc-2.6.10 / linux-doc-2.6.12 / linux-headers-2.6 / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T11:51:34", "description": "A race condition in the Linux kernel 2.6.17.4 and earlier allows local\nusers to obtain root privileges due to a race condition in the /proc\nfilesystem.\n\nThe provided packages are patched to fix these vulnerabilities. 
All\nusers are encouraged to upgrade to these updated kernels immediately\nand reboot to effect the fixes.\n\nTo update your kernel, please follow the directions located at :\n\nhttp://www.mandriva.com/en/security/kernelupdate", "edition": 25, "published": "2006-12-16T00:00:00", "title": "Mandrake Linux Security Advisory : kernel (MDKSA-2006:124)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3626"], "modified": "2006-12-16T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:kernel-smp-2.6.12.24mdk", "p-cpe:/a:mandriva:linux:kernel-xbox-2.6.12.24mdk", "p-cpe:/a:mandriva:linux:kernel-i586-up-1GB-2.6.12.24mdk", "p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.12.24mdk", "p-cpe:/a:mandriva:linux:kernel-2.6.12.24mdk", "p-cpe:/a:mandriva:linux:kernel-BOOT-2.6.12.24mdk", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.12.24mdk", "p-cpe:/a:mandriva:linux:kernel-xenU-2.6.12.24mdk", "p-cpe:/a:mandriva:linux:kernel-source-2.6.12.24mdk", "p-cpe:/a:mandriva:linux:kernel-xen0-2.6.12.24mdk"], "id": "MANDRAKE_MDKSA-2006-124.NASL", "href": "https://www.tenable.com/plugins/nessus/23875", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:124. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23875);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-3626\");\n script_bugtraq_id(18992);\n script_xref(name:\"MDKSA\", value:\"2006:124\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kernel (MDKSA-2006:124)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A race condition in the Linux kernel 2.6.17.4 and earlier allows local\nusers to obtain root privileges due to a race condition in the /proc\nfilesystem.\n\nThe provided packages are patched to fix these vulnerabilities. All\nusers are encouraged to upgrade to these updated kernels immediately\nand reboot to effect the fixes.\n\nTo update your kernel, please follow the directions located at :\n\nhttp://www.mandriva.com/en/security/kernelupdate\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-2.6.12.24mdk\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:kernel-BOOT-2.6.12.24mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-i586-up-1GB-2.6.12.24mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-i686-up-4GB-2.6.12.24mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-smp-2.6.12.24mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-2.6.12.24mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-source-stripped-2.6.12.24mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-xbox-2.6.12.24mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-xen0-2.6.12.24mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kernel-xenU-2.6.12.24mdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kernel-2.6.12.24mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kernel-BOOT-2.6.12.24mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"kernel-i586-up-1GB-2.6.12.24mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"kernel-i686-up-4GB-2.6.12.24mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kernel-smp-2.6.12.24mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kernel-source-2.6.12.24mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"kernel-source-stripped-2.6.12.24mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"kernel-xbox-2.6.12.24mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"kernel-xen0-2.6.12.24mdk-1-1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", 
reference:\"kernel-xenU-2.6.12.24mdk-1-1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:45:24", "description": "This kernel update fixes the following security problems :\n\n - A race condition allows local users to gain root\n privileges by changing the file mode of /proc/self/\n files in a way that causes those files (for instance\n /proc/self/environ) to become setuid root. [#192688].\n (CVE-2006-3626)\n\n - A stack-based buffer overflow in CDROM / DVD handling\n was fixed which could be used by a physical local\n attacker to crash the kernel or execute code within\n kernel context, depending on presence of automatic DVD\n handling in the system. [#190396]. (CVE-2006-2935)\n\n - Due to an argument validation error in\n prctl(PR_SET_DUMPABLE) a local attacker can easily gain\n administrator (root) privileges. 
[#186980].\n (CVE-2006-2451)\n\nand the following non security bugs :\n\n - Limit the maximum number of LUNs to 16384 [#185164]\n\n - LSI 1030/MPT Fusion driver hang during error recovery --\n Optionally disable QAS [#180100]\n\n - advance buffer pointers in h_copy_rdma() to avoid data\n corruption [#186444]", "edition": 23, "published": "2012-05-17T00:00:00", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 1900)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3626", "CVE-2006-2451", "CVE-2006-2935"], "modified": "2012-05-17T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-1900.NASL", "href": "https://www.tenable.com/plugins/nessus/59120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59120);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2451\", \"CVE-2006-2935\", \"CVE-2006-3626\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 1900)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update fixes the following security problems :\n\n - A race condition allows local users to gain root\n privileges by changing the file mode of /proc/self/\n files in a way that causes those files (for instance\n /proc/self/environ) to become setuid root. 
[#192688].\n (CVE-2006-3626)\n\n - A stack-based buffer overflow in CDROM / DVD handling\n was fixed which could be used by a physical local\n attacker to crash the kernel or execute code within\n kernel context, depending on presence of automatic DVD\n handling in the system. [#190396]. (CVE-2006-2935)\n\n - Due to an argument validation error in\n prctl(PR_SET_DUMPABLE) a local attacker can easily gain\n administrator (root) privileges. [#186980].\n (CVE-2006-2451)\n\nand the following non security bugs :\n\n - Limit the maximum number of LUNs to 16384 [#185164]\n\n - LSI 1030/MPT Fusion driver hang during error recovery --\n Optionally disable QAS [#180100]\n\n - advance buffer pointers in h_copy_rdma() to avoid data\n corruption [#186444]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2451.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2935.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-3626.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 1900.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"x86_64\", reference:\"kernel-syms-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"kernel-debug-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"kernel-default-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"kernel-smp-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"kernel-source-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", 
reference:\"kernel-syms-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"x86_64\", reference:\"kernel-xen-2.6.16.21-0.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:45:24", "description": "This kernel update fixes the following security problems :\n\n - A race condition allows local users to gain root\n privileges by changing the file mode of /proc/self/\n files in a way that causes those files (for instance\n /proc/self/environ) to become setuid root. [#192688].\n (CVE-2006-3626)\n\n - A stack-based buffer overflow in CDROM / DVD handling\n was fixed which could be used by a physical local\n attacker to crash the kernel or execute code within\n kernel context, depending on presence of automatic DVD\n handling in the system. [#190396]. (CVE-2006-2935)\n\n - Due to an argument validation error in\n prctl(PR_SET_DUMPABLE) a local attacker can easily gain\n administrator (root) privileges. 
[#186980].\n (CVE-2006-2451)\n\nand the following non security bugs :\n\n - Limit the maximum number of LUNs to 16384 [#185164]\n\n - LSI 1030/MPT Fusion driver hang during error recovery --\n Optionally disable QAS [#180100]\n\n - advance buffer pointers in h_copy_rdma() to avoid data\n corruption [#186444]", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 1896)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-3626", "CVE-2006-2451", "CVE-2006-2935"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_KERNEL-1896.NASL", "href": "https://www.tenable.com/plugins/nessus/29484", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29484);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-2451\", \"CVE-2006-2935\", \"CVE-2006-3626\");\n\n script_name(english:\"SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 1896)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This kernel update fixes the following security problems :\n\n - A race condition allows local users to gain root\n privileges by changing the file mode of /proc/self/\n files in a way that causes those files (for instance\n /proc/self/environ) to become setuid root. 
[#192688].\n (CVE-2006-3626)\n\n - A stack-based buffer overflow in CDROM / DVD handling\n was fixed which could be used by a physical local\n attacker to crash the kernel or execute code within\n kernel context, depending on presence of automatic DVD\n handling in the system. [#190396]. (CVE-2006-2935)\n\n - Due to an argument validation error in\n prctl(PR_SET_DUMPABLE) a local attacker can easily gain\n administrator (root) privileges. [#186980].\n (CVE-2006-2451)\n\nand the following non security bugs :\n\n - Limit the maximum number of LUNs to 16384 [#185164]\n\n - LSI 1030/MPT Fusion driver hang during error recovery --\n Optionally disable QAS [#180100]\n\n - advance buffer pointers in h_copy_rdma() to avoid data\n corruption [#186444]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2451.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-2935.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-3626.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 1896.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"i586\", reference:\"kernel-default-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"i586\", reference:\"kernel-smp-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"i586\", reference:\"kernel-source-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:0, cpu:\"i586\", reference:\"kernel-syms-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"i586\", reference:\"kernel-bigsmp-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"i586\", reference:\"kernel-debug-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"i586\", reference:\"kernel-default-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"i586\", 
reference:\"kernel-smp-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"i586\", reference:\"kernel-source-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"i586\", reference:\"kernel-syms-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"i586\", reference:\"kernel-xen-2.6.16.21-0.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:0, cpu:\"i586\", reference:\"kernel-xenpae-2.6.16.21-0.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:25:01", "description": "Updated kernel packages that fix several security issues in the Red\nHat Enterprise Linux 4 kernel are now available.\n\nThis security advisory has been rated as having important security\nimpact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues\ndescribed below :\n\n* a flaw in the proc file system that allowed a local user to use a\nsuid-wrapper for scripts to gain root privileges (CVE-2006-3626,\nImportant)\n\n* a flaw in the SCTP implementation that allowed a local user to cause\na denial of service (panic) or to possibly gain root privileges\n(CVE-2006-3745, Important)\n\n* a flaw in NFS exported ext2/ext3 partitions when handling invalid\ninodes that allowed a remote authenticated user to cause a denial of\nservice (filesystem panic) (CVE-2006-3468, Important)\n\n* a flaw in the restore_all code path of the 4/4GB split support of\nnon-hugemem kernels that allowed a local user to cause a denial of\nservice (panic) (CVE-2006-2932, Important)\n\n* a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT\nprocessing that allowed a remote user to cause a denial 
of service\n(crash) or potential memory corruption (CVE-2006-2444, Moderate)\n\n* a flaw in the DVD handling of the CDROM driver that could be used\ntogether with a custom built USB device to gain root privileges\n(CVE-2006-2935, Moderate)\n\n* a flaw in the handling of O_DIRECT writes that allowed a local user\nto cause a denial of service (memory consumption) (CVE-2004-2660, Low)\n\n* a flaw in the SCTP chunk length handling that allowed a remote user\nto cause a denial of service (crash) (CVE-2006-1858, Low)\n\n* a flaw in the input handling of the ftdi_sio driver that allowed a\nlocal user to cause a denial of service (memory consumption)\n(CVE-2006-2936, Low)\n\nIn addition a bugfix was added to enable a clean reboot for the IBM\nPizzaro machines.\n\nRed Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill\nKorotaev for reporting issues fixed in this erratum.\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their\nkernels to the packages associated with their machine architectures\nand configurations as listed in this erratum.", "edition": 27, "published": "2006-08-30T00:00:00", "title": "CentOS 4 : kernel (CESA-2006:0617)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1858", "CVE-2006-3626", "CVE-2006-2932", "CVE-2006-3745", "CVE-2006-2444", "CVE-2006-2935", "CVE-2006-3468", "CVE-2006-2936", "CVE-2004-2660"], "modified": "2006-08-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel-largesmp", "p-cpe:/a:centos:centos:kernel-hugemem", "p-cpe:/a:centos:centos:kernel-doc", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:kernel-smp", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-smp-devel", "p-cpe:/a:centos:centos:kernel-largesmp-devel", "p-cpe:/a:centos:centos:kernel-hugemem-devel"], "id": "CENTOS_RHSA-2006-0617.NASL", "href": "https://www.tenable.com/plugins/nessus/22279", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0617 and \n# CentOS Errata and Security Advisory 2006:0617 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22279);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2004-2660\", \"CVE-2006-1858\", \"CVE-2006-2444\", \"CVE-2006-2932\", \"CVE-2006-2935\", \"CVE-2006-2936\", \"CVE-2006-3468\", \"CVE-2006-3626\", \"CVE-2006-3745\");\n script_xref(name:\"RHSA\", value:\"2006:0617\");\n\n script_name(english:\"CentOS 4 : kernel (CESA-2006:0617)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues in the Red\nHat Enterprise Linux 4 kernel are now available.\n\nThis security advisory has been rated as having important security\nimpact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues\ndescribed below :\n\n* a flaw in the proc file system that allowed a local user to use a\nsuid-wrapper for scripts to gain root privileges (CVE-2006-3626,\nImportant)\n\n* a flaw in the SCTP implementation that allowed a local user to cause\na denial of service (panic) or to possibly gain root privileges\n(CVE-2006-3745, Important)\n\n* a flaw in NFS exported ext2/ext3 partitions when handling invalid\ninodes that allowed a remote authenticated user to cause a denial of\nservice (filesystem panic) (CVE-2006-3468, Important)\n\n* a flaw in the restore_all code path of the 4/4GB split support of\nnon-hugemem 
kernels that allowed a local user to cause a denial of\nservice (panic) (CVE-2006-2932, Important)\n\n* a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT\nprocessing that allowed a remote user to cause a denial of service\n(crash) or potential memory corruption (CVE-2006-2444, Moderate)\n\n* a flaw in the DVD handling of the CDROM driver that could be used\ntogether with a custom built USB device to gain root privileges\n(CVE-2006-2935, Moderate)\n\n* a flaw in the handling of O_DIRECT writes that allowed a local user\nto cause a denial of service (memory consumption) (CVE-2004-2660, Low)\n\n* a flaw in the SCTP chunk length handling that allowed a remote user\nto cause a denial of service (crash) (CVE-2006-1858, Low)\n\n* a flaw in the input handling of the ftdi_sio driver that allowed a\nlocal user to cause a denial of service (memory consumption)\n(CVE-2006-2936, Low)\n\nIn addition a bugfix was added to enable a clean reboot for the IBM\nPizzaro machines.\n\nRed Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill\nKorotaev for reporting issues fixed in this erratum.\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their\nkernels to the packages associated with their machine architectures\nand configurations as listed in this erratum.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013149.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e36b210\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013150.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f3040c9\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-September/013190.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3c9d752\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"kernel-2.6.9-42.0.2.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"kernel-devel-2.6.9-42.0.2.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-doc-2.6.9-42.0.2.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-doc-2.6.9-42.0.2.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-42.0.2.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-42.0.2.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"kernel-largesmp-2.6.9-42.0.2.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-42.0.2.EL\")) flag++;\nif 
(rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"kernel-largesmp-devel-2.6.9-42.0.2.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-42.0.2.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-42.0.2.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-42.0.2.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-42.0.2.EL\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-42.0.2.EL\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T13:05:40", "description": "Updated kernel packages that fix several security issues in the Red\nHat Enterprise Linux 4 kernel are now available.\n\nThis security advisory has been rated as having important security\nimpact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues\ndescribed below :\n\n* a flaw in the proc file system that allowed a local user to use a\nsuid-wrapper for scripts to gain root privileges (CVE-2006-3626,\nImportant)\n\n* a flaw in the SCTP implementation that allowed a local user to cause\na denial of service (panic) or to possibly gain root privileges\n(CVE-2006-3745, Important)\n\n* a flaw in NFS exported ext2/ext3 partitions when handling invalid\ninodes that allowed a remote authenticated user to cause a denial of\nservice (filesystem panic) (CVE-2006-3468, 
Important)\n\n* a flaw in the restore_all code path of the 4/4GB split support of\nnon-hugemem kernels that allowed a local user to cause a denial of\nservice (panic) (CVE-2006-2932, Important)\n\n* a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT\nprocessing that allowed a remote user to cause a denial of service\n(crash) or potential memory corruption (CVE-2006-2444, Moderate)\n\n* a flaw in the DVD handling of the CDROM driver that could be used\ntogether with a custom built USB device to gain root privileges\n(CVE-2006-2935, Moderate)\n\n* a flaw in the handling of O_DIRECT writes that allowed a local user\nto cause a denial of service (memory consumption) (CVE-2004-2660, Low)\n\n* a flaw in the SCTP chunk length handling that allowed a remote user\nto cause a denial of service (crash) (CVE-2006-1858, Low)\n\n* a flaw in the input handling of the ftdi_sio driver that allowed a\nlocal user to cause a denial of service (memory consumption)\n(CVE-2006-2936, Low)\n\nIn addition a bugfix was added to enable a clean reboot for the IBM\nPizzaro machines.\n\nRed Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill\nKorotaev for reporting issues fixed in this erratum.\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their\nkernels to the packages associated with their machine architectures\nand configurations as listed in this erratum.", "edition": 28, "published": "2006-08-23T00:00:00", "title": "RHEL 4 : kernel (RHSA-2006:0617)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1858", "CVE-2006-3626", "CVE-2006-2932", "CVE-2006-3745", "CVE-2006-2444", "CVE-2006-2935", "CVE-2006-3468", "CVE-2006-2936", "CVE-2004-2660"], "modified": "2006-08-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", 
"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-smp", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-hugemem", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-largesmp"], "id": "REDHAT-RHSA-2006-0617.NASL", "href": "https://www.tenable.com/plugins/nessus/22264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0617. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22264);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-2660\", \"CVE-2006-1858\", \"CVE-2006-2444\", \"CVE-2006-2932\", \"CVE-2006-2935\", \"CVE-2006-2936\", \"CVE-2006-3468\", \"CVE-2006-3626\", \"CVE-2006-3745\");\n script_xref(name:\"RHSA\", value:\"2006:0617\");\n\n script_name(english:\"RHEL 4 : kernel (RHSA-2006:0617)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix several security issues in the Red\nHat Enterprise Linux 4 kernel are now available.\n\nThis security advisory has been rated as having important security\nimpact by the Red Hat Security Response Team.\n\nThe Linux kernel handles the basic functions of the operating system.\n\nThese new kernel packages contain fixes for the security issues\ndescribed below :\n\n* a flaw in the proc file system that allowed a local user to use a\nsuid-wrapper for scripts to gain root privileges 
(CVE-2006-3626,\nImportant)\n\n* a flaw in the SCTP implementation that allowed a local user to cause\na denial of service (panic) or to possibly gain root privileges\n(CVE-2006-3745, Important)\n\n* a flaw in NFS exported ext2/ext3 partitions when handling invalid\ninodes that allowed a remote authenticated user to cause a denial of\nservice (filesystem panic) (CVE-2006-3468, Important)\n\n* a flaw in the restore_all code path of the 4/4GB split support of\nnon-hugemem kernels that allowed a local user to cause a denial of\nservice (panic) (CVE-2006-2932, Important)\n\n* a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT\nprocessing that allowed a remote user to cause a denial of service\n(crash) or potential memory corruption (CVE-2006-2444, Moderate)\n\n* a flaw in the DVD handling of the CDROM driver that could be used\ntogether with a custom built USB device to gain root privileges\n(CVE-2006-2935, Moderate)\n\n* a flaw in the handling of O_DIRECT writes that allowed a local user\nto cause a denial of service (memory consumption) (CVE-2004-2660, Low)\n\n* a flaw in the SCTP chunk length handling that allowed a remote user\nto cause a denial of service (crash) (CVE-2006-1858, Low)\n\n* a flaw in the input handling of the ftdi_sio driver that allowed a\nlocal user to cause a denial of service (memory consumption)\n(CVE-2006-2936, Low)\n\nIn addition a bugfix was added to enable a clean reboot for the IBM\nPizzaro machines.\n\nRed Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill\nKorotaev for reporting issues fixed in this erratum.\n\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their\nkernels to the packages associated with their machine architectures\nand configurations as listed in this erratum.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-2660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2006-1858\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2935\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-2936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2006-3745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0617\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/12/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2004-2660\", \"CVE-2006-1858\", \"CVE-2006-2444\", \"CVE-2006-2932\", \"CVE-2006-2935\", \"CVE-2006-2936\", \"CVE-2006-3468\", \"CVE-2006-3626\", \"CVE-2006-3745\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2006:0617\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0617\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-2.6.9-42.0.2.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-devel-2.6.9-42.0.2.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"kernel-doc-2.6.9-42.0.2.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-2.6.9-42.0.2.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-hugemem-devel-2.6.9-42.0.2.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-42.0.2.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-42.0.2.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-2.6.9-42.0.2.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-42.0.2.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i686\", reference:\"kernel-smp-devel-2.6.9-42.0.2.EL\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-42.0.2.EL\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-devel / kernel-doc / kernel-hugemem / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-17T12:43:50", "description": "Updated kernel packages that fix security issues are now available. 
\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team. \n\nThe Linux kernel handles the basic functions of the operating system. \n\nThese new kernel packages contain fixes for the security issues\ndescribed below :\n\n\nFrom Red Hat Security Advisory 2006-0617 :\n\n* a flaw in the proc file system that allowed a local user to use a\nsuid-wrapper for scripts to gain root privileges (CVE-2006-3626,\nImportant)\n\n* a flaw in the SCTP implementation that allowed a local user to cause\na denial of service (panic) or to possibly gain root privileges\n(CVE-2006-3745, Important)\n\n* a flaw in NFS exported ext2/ext3 partitions when handling invalid\ninodes that allowed a remote authenticated user to cause a denial of\nservice (filesystem panic) (CVE-2006-3468, Important)\n\n* a flaw in the restore_all code path of the 4/4GB split support of\nnon-hugemem kernels that allowed a local user to cause a denial of\nservice (panic) (CVE-2006-2932, Important)\n\n* a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT\nprocessing that allowed a remote user to cause a denial of service\n(crash) or potential memory corruption (CVE-2006-2444, Moderate)\n\n* a flaw in the DVD handling of the CDROM driver that could be used\ntogether with a custom built USB device to gain root privileges\n(CVE-2006-2935, Moderate)\n\n* a flaw in the handling of O_DIRECT writes that allowed a local user\nto cause a denial of service (memory consumption) (CVE-2004-2660, Low)\n\n* a flaw in the SCTP chunk length handling that allowed a remote user\nto cause a denial of service (crash) (CVE-2006-1858, Low)\n\n* a flaw in the input handling of the ftdi_sio driver that allowed a\nlocal user to cause a denial of service (memory consumption)\n(CVE-2006-2936, Low)\n\nIn addition a bugfix was added to enable a clean reboot for the IBM\nPizzaro machines.\n\nRed Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill\nKorotaev for reporting 
issues fixed in this erratum.\n\n\nFrom Red Hat Security Advisory ELSA-2006-0689 :\n\n* a flaw in the SCTP support that allowed a local user to cause a\ndenial of service (crash) with a specific SO_LINGER value.\n(CVE-2006-4535, Important)\n\n* a flaw in the hugepage table support that allowed a local user to\ncause a denial of service (crash). (CVE-2005-4811, Important)\n\n* a flaw in the mprotect system call that allowed setting write\npermission for a read-only attachment of shared memory.\n(CVE-2006-2071, Moderate)\n\n* a flaw in HID0[31] (en_attn) register handling on PowerPC 970\nsystems that allowed a local user to cause a denial of service.\n(crash) (CVE-2006-4093, Moderate)\n\n* a flaw in the perfmon support of Itanium systems that allowed a\nlocal user to cause a denial of service by consuming all file\ndescriptors. (CVE-2006-3741, Moderate)\n\n* a flaw in the ATM subsystem. On systems with installed ATM hardware\nand configured ATM support, a remote user could cause a denial of\nservice (panic) by accessing socket buffers memory after freeing them.\n(CVE-2006-4997, Moderate)\n\n* a flaw in the DVB subsystem. On systems with installed DVB hardware\nand configured DVB support, a remote user could cause a denial of\nservice (panic) by sending a ULE SNDU packet with length of 0.\n(CVE-2006-4623, Low)\n\n* an information leak in the network subsystem that possibly allowed a\nlocal user to read sensitive data from kernel memory. (CVE-2006-0039,\nLow)\n\nIn addition, two bugfixes for the IPW-2200 wireless driver were\nincluded. 
The first one ensures that wireless management applications\ncorrectly identify IPW-2200 controlled devices, while the second fix\nensures that DHCP requests using the IPW-2200 operate correctly.\n\nRed Hat would like to thank Olof Johansson, Stephane Eranian and Solar\nDesigner for reporting issues fixed in this erratum.", "edition": 26, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : kernel (ELSA-2006-0617 / ELSA-2006-0689)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1858", "CVE-2006-3626", "CVE-2006-2932", "CVE-2006-3745", "CVE-2006-4093", "CVE-2006-2444", "CVE-2006-2935", "CVE-2006-0039", "CVE-2006-3741", "CVE-2006-4535", "CVE-2006-4623", "CVE-2006-4997", "CVE-2006-3468", "CVE-2006-2071", "CVE-2006-2936", "CVE-2005-4811", "CVE-2004-2660"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-hugemem", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-smp-devel", "p-cpe:/a:oracle:linux:kernel-largesmp", "p-cpe:/a:oracle:linux:kernel-smp", "p-cpe:/a:oracle:linux:kernel-hugemem-devel", "cpe:/o:oracle:linux:4", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-largesmp-devel"], "id": "ORACLELINUX_ELSA-2006-0617.NASL", "href": "https://www.tenable.com/plugins/nessus/67401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisories ELSA-2006-0617 / \n# ELSA-2006-0689.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67401);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-2660\", \"CVE-2005-4811\", \"CVE-2006-0039\", \"CVE-2006-1858\", \"CVE-2006-2071\", \"CVE-2006-2444\", \"CVE-2006-2932\", \"CVE-2006-2935\", \"CVE-2006-2936\", \"CVE-2006-3468\", \"CVE-2006-3626\", \"CVE-2006-3741\", 
\"CVE-2006-3745\", \"CVE-2006-4093\", \"CVE-2006-4535\", \"CVE-2006-4623\", \"CVE-2006-4997\");\n script_xref(name:\"RHSA\", value:\"2006:0617\");\n script_xref(name:\"RHSA\", value:\"2006:0689\");\n\n script_name(english:\"Oracle Linux 4 : kernel (ELSA-2006-0617 / ELSA-2006-0689)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix security issues are now available. \n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team. \n\nThe Linux kernel handles the basic functions of the operating system. \n\nThese new kernel packages contain fixes for the security issues\ndescribed below :\n\n\nFrom Red Hat Security Advisory 2006-0617 :\n\n* a flaw in the proc file system that allowed a local user to use a\nsuid-wrapper for scripts to gain root privileges (CVE-2006-3626,\nImportant)\n\n* a flaw in the SCTP implementation that allowed a local user to cause\na denial of service (panic) or to possibly gain root privileges\n(CVE-2006-3745, Important)\n\n* a flaw in NFS exported ext2/ext3 partitions when handling invalid\ninodes that allowed a remote authenticated user to cause a denial of\nservice (filesystem panic) (CVE-2006-3468, Important)\n\n* a flaw in the restore_all code path of the 4/4GB split support of\nnon-hugemem kernels that allowed a local user to cause a denial of\nservice (panic) (CVE-2006-2932, Important)\n\n* a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT\nprocessing that allowed a remote user to cause a denial of service\n(crash) or potential memory corruption (CVE-2006-2444, Moderate)\n\n* a flaw in the DVD handling of the CDROM driver that could be used\ntogether with a custom built USB device to gain root privileges\n(CVE-2006-2935, 
Moderate)\n\n* a flaw in the handling of O_DIRECT writes that allowed a local user\nto cause a denial of service (memory consumption) (CVE-2004-2660, Low)\n\n* a flaw in the SCTP chunk length handling that allowed a remote user\nto cause a denial of service (crash) (CVE-2006-1858, Low)\n\n* a flaw in the input handling of the ftdi_sio driver that allowed a\nlocal user to cause a denial of service (memory consumption)\n(CVE-2006-2936, Low)\n\nIn addition a bugfix was added to enable a clean reboot for the IBM\nPizzaro machines.\n\nRed Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill\nKorotaev for reporting issues fixed in this erratum.\n\n\nFrom Red Hat Security Advisory ELSA-2006-0689 :\n\n* a flaw in the SCTP support that allowed a local user to cause a\ndenial of service (crash) with a specific SO_LINGER value.\n(CVE-2006-4535, Important)\n\n* a flaw in the hugepage table support that allowed a local user to\ncause a denial of service (crash). (CVE-2005-4811, Important)\n\n* a flaw in the mprotect system call that allowed setting write\npermission for a read-only attachment of shared memory.\n(CVE-2006-2071, Moderate)\n\n* a flaw in HID0[31] (en_attn) register handling on PowerPC 970\nsystems that allowed a local user to cause a denial of service.\n(crash) (CVE-2006-4093, Moderate)\n\n* a flaw in the perfmon support of Itanium systems that allowed a\nlocal user to cause a denial of service by consuming all file\ndescriptors. (CVE-2006-3741, Moderate)\n\n* a flaw in the ATM subsystem. On systems with installed ATM hardware\nand configured ATM support, a remote user could cause a denial of\nservice (panic) by accessing socket buffers memory after freeing them.\n(CVE-2006-4997, Moderate)\n\n* a flaw in the DVB subsystem. 
On systems with installed DVB hardware\nand configured DVB support, a remote user could cause a denial of\nservice (panic) by sending a ULE SNDU packet with length of 0.\n(CVE-2006-4623, Low)\n\n* an information leak in the network subsystem that possibly allowed a\nlocal user to read sensitive data from kernel memory. (CVE-2006-0039,\nLow)\n\nIn addition, two bugfixes for the IPW-2200 wireless driver were\nincluded. The first one ensures that wireless management applications\ncorrectly identify IPW-2200 controlled devices, while the second fix\nensures that DHCP requests using the IPW-2200 operate correctly.\n\nRed Hat would like to thank Olof Johansson, Stephane Eranian and Solar\nDesigner for reporting issues fixed in this erratum.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000011.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 362);\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-hugemem-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-largesmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-smp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/06/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-2.6.9-42.0.3.0.2.EL\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-2.6.9-42.0.3.0.2.EL\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-devel-2.6.9-42.0.3.0.2.EL\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", 
reference:\"kernel-devel-2.6.9-42.0.3.0.2.EL\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-2.6.9-42.0.3.0.2.EL\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-hugemem-devel-2.6.9-42.0.3.0.2.EL\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-2.6.9-42.0.3.0.2.EL\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-largesmp-devel-2.6.9-42.0.3.0.2.EL\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-2.6.9-42.0.3.0.2.EL\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-2.6.9-42.0.3.0.2.EL\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"kernel-smp-devel-2.6.9-42.0.3.0.2.EL\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"kernel-smp-devel-2.6.9-42.0.3.0.2.EL\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:29:54", "bulletinFamily": "unix", "cvelist": ["CVE-2006-3626", "CVE-2006-2451", "CVE-2006-2935"], "description": "The SUSE Linux Enterprise 10 kernel was updated to fix the following security problems:\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2006-08-18T13:53:33", "published": "2006-08-18T13:53:33", "id": "SUSE-SA:2006:049", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-08/msg00015.html", "type": "suse", "title": "local privilege escalation in kernel", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:05:47", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1858", "CVE-2006-3626", "CVE-2006-2451", "CVE-2006-2444", 
"CVE-2006-2935", "CVE-2006-1857", "CVE-2006-0744", "CVE-2006-2448", "CVE-2006-1528", "CVE-2006-3085", "CVE-2006-2934"], "description": "The Linux kernel of the SUSE Linux Enterprise 9 products has been updated to fix the security problems listed below.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2006-08-11T14:25:01", "published": "2006-08-11T14:25:01", "id": "SUSE-SA:2006:047", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-08/msg00012.html", "title": "local privilege escalation in kernel", "type": "suse", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:48", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1858", "CVE-2006-3626", "CVE-2006-2451", "CVE-2006-1859", "CVE-2006-1855", "CVE-2006-2444", "CVE-2006-2445", "CVE-2006-2935", "CVE-2006-1857", "CVE-2006-0744", "CVE-2006-2448", "CVE-2006-1528", "CVE-2006-1860", "CVE-2006-2450", "CVE-2006-3085", "CVE-2006-2934"], "description": "The Linux kernel has been updated to fix several security issues.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2006-07-26T14:31:45", "published": "2006-07-26T14:31:45", "id": "SUSE-SA:2006:042", "href": "http://lists.opensuse.org/opensuse-security-announce/2006-07/msg00017.html", "type": "suse", "title": "local privilege escalation in kernel", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:46", "bulletinFamily": "unix", "cvelist": ["CVE-2004-2660", "CVE-2006-1858", "CVE-2006-2444", "CVE-2006-2932", "CVE-2006-2935", "CVE-2006-2936", "CVE-2006-3468", "CVE-2006-3626", "CVE-2006-3745"], "description": "The Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in 
the proc file system that allowed a local user to use a\r\nsuid-wrapper for scripts to gain root privileges (CVE-2006-3626, Important)\r\n\r\n* a flaw in the SCTP implementation that allowed a local user to cause a\r\ndenial of service (panic) or to possibly gain root privileges\r\n(CVE-2006-3745, Important)\r\n\r\n* a flaw in NFS exported ext2/ext3 partitions when handling invalid inodes\r\nthat allowed a remote authenticated user to cause a denial of service\r\n(filesystem panic) (CVE-2006-3468, Important)\r\n\r\n* a flaw in the restore_all code path of the 4/4GB split support of\r\nnon-hugemem kernels that allowed a local user to cause a denial of service\r\n(panic) (CVE-2006-2932, Important)\r\n\r\n* a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT\r\nprocessing that allowed a remote user to cause a denial of service (crash)\r\nor potential memory corruption (CVE-2006-2444, Moderate)\r\n\r\n* a flaw in the DVD handling of the CDROM driver that could be used\r\ntogether with a custom built USB device to gain root privileges\r\n(CVE-2006-2935, Moderate)\r\n\r\n* a flaw in the handling of O_DIRECT writes that allowed a local user\r\nto cause a denial of service (memory consumption) (CVE-2004-2660, Low)\r\n\r\n* a flaw in the SCTP chunk length handling that allowed a remote user to\r\ncause a denial of service (crash) (CVE-2006-1858, Low)\r\n\r\n* a flaw in the input handling of the ftdi_sio driver that allowed a local\r\nuser to cause a denial of service (memory consumption) (CVE-2006-2936, Low)\r\n\r\nIn addition a bugfix was added to enable a clean reboot for the IBM Pizzaro\r\nmachines.\r\n\r\nRed Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill\r\nKorotaev for reporting issues fixed in this erratum.\r\n\r\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels\r\nto the packages associated with their machine architectures and\r\nconfigurations as listed in this erratum.", "modified": "2017-09-08T11:48:28", 
"published": "2006-08-22T04:00:00", "id": "RHSA-2006:0617", "href": "https://access.redhat.com/errata/RHSA-2006:0617", "type": "redhat", "title": "(RHSA-2006:0617) kernel security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:24:09", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1858", "CVE-2006-3626", "CVE-2006-2932", "CVE-2006-3745", "CVE-2006-2444", "CVE-2006-2935", "CVE-2006-3468", "CVE-2006-2936", "CVE-2004-2660"], "description": "**CentOS Errata and Security Advisory** CESA-2006:0617\n\n\nThe Linux kernel handles the basic functions of the operating system.\r\n\r\nThese new kernel packages contain fixes for the security issues described\r\nbelow:\r\n\r\n* a flaw in the proc file system that allowed a local user to use a\r\nsuid-wrapper for scripts to gain root privileges (CVE-2006-3626, Important)\r\n\r\n* a flaw in the SCTP implementation that allowed a local user to cause a\r\ndenial of service (panic) or to possibly gain root privileges\r\n(CVE-2006-3745, Important)\r\n\r\n* a flaw in NFS exported ext2/ext3 partitions when handling invalid inodes\r\nthat allowed a remote authenticated user to cause a denial of service\r\n(filesystem panic) (CVE-2006-3468, Important)\r\n\r\n* a flaw in the restore_all code path of the 4/4GB split support of\r\nnon-hugemem kernels that allowed a local user to cause a denial of service\r\n(panic) (CVE-2006-2932, Important)\r\n\r\n* a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT\r\nprocessing that allowed a remote user to cause a denial of service (crash)\r\nor potential memory corruption (CVE-2006-2444, Moderate)\r\n\r\n* a flaw in the DVD handling of the CDROM driver that could be used\r\ntogether with a custom built USB device to gain root privileges\r\n(CVE-2006-2935, Moderate)\r\n\r\n* a flaw in the handling of O_DIRECT writes that allowed a local user\r\nto cause a denial of service (memory consumption) (CVE-2004-2660, Low)\r\n\r\n* 
a flaw in the SCTP chunk length handling that allowed a remote user to\r\ncause a denial of service (crash) (CVE-2006-1858, Low)\r\n\r\n* a flaw in the input handling of the ftdi_sio driver that allowed a local\r\nuser to cause a denial of service (memory consumption) (CVE-2006-2936, Low)\r\n\r\nIn addition a bugfix was added to enable a clean reboot for the IBM Pizzaro\r\nmachines.\r\n\r\nRed Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill\r\nKorotaev for reporting issues fixed in this erratum.\r\n\r\nAll Red Hat Enterprise Linux 4 users are advised to upgrade their kernels\r\nto the packages associated with their machine architectures and\r\nconfigurations as listed in this erratum.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/025187.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/025188.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025228.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-September/025230.html\n\n**Affected packages:**\nkernel\nkernel-devel\nkernel-doc\nkernel-hugemem\nkernel-hugemem-devel\nkernel-largesmp\nkernel-largesmp-devel\nkernel-smp\nkernel-smp-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0617.html", "edition": 6, "modified": "2006-09-05T22:11:22", "published": "2006-08-24T00:20:22", "href": "http://lists.centos.org/pipermail/centos-announce/2006-August/025187.html", "id": "CESA-2006:0617", "title": "kernel security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2018-04-06T11:38:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1858", "CVE-2006-3626", "CVE-2006-2451", "CVE-2006-2444", "CVE-2006-2935", "CVE-2006-1857", "CVE-2006-0744", "CVE-2006-2448", "CVE-2006-1528", "CVE-2006-3085", "CVE-2006-2934"], "description": "The remote host is missing updates to packages that affect\nthe security of 
your system. One or more of the following packages\nare affected:\n\n um-host-kernel\n kernel-source\n kernel-syms\n um-host-install-initrd\n kernel-um\n kernel-default\n kernel-debug\n kernel-bigsmp\n kernel-smp\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020521 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065035", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065035", "type": "openvas", "title": "SLES9: Security update for Linux kernel", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020521.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Linux kernel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n um-host-kernel\n kernel-source\n kernel-syms\n um-host-install-initrd\n kernel-um\n kernel-default\n kernel-debug\n kernel-bigsmp\n kernel-smp\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020521 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65035\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-3626\", \"CVE-2006-2935\", \"CVE-2006-2934\", \"CVE-2006-2451\", \"CVE-2006-3085\", \"CVE-2006-2448\", \"CVE-2006-2444\", \"CVE-2006-1858\", \"CVE-2006-1857\", \"CVE-2006-1528\", \"CVE-2006-0744\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:C\");\n script_name(\"SLES9: Security update for Linux kernel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"um-host-kernel\", rpm:\"um-host-kernel~2.6.5~7.276\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1858", "CVE-2006-3626", "CVE-2006-2451", "CVE-2006-2444", "CVE-2006-2935", "CVE-2006-1857", "CVE-2006-0744", "CVE-2006-2448", "CVE-2006-1528", "CVE-2006-3085", "CVE-2006-2934"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n um-host-kernel\n kernel-source\n kernel-syms\n um-host-install-initrd\n kernel-um\n kernel-default\n kernel-debug\n kernel-bigsmp\n kernel-smp\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020521 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65035", "href": "http://plugins.openvas.org/nasl.php?oid=65035", "type": "openvas", "title": "SLES9: Security update for Linux kernel", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5020521.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for Linux kernel\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n um-host-kernel\n kernel-source\n kernel-syms\n um-host-install-initrd\n kernel-um\n kernel-default\n kernel-debug\n kernel-bigsmp\n kernel-smp\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020521 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65035);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2006-3626\", \"CVE-2006-2935\", \"CVE-2006-2934\", \"CVE-2006-2451\", \"CVE-2006-3085\", \"CVE-2006-2448\", \"CVE-2006-2444\", \"CVE-2006-1858\", \"CVE-2006-1857\", \"CVE-2006-1528\", \"CVE-2006-0744\");\n script_tag(name:\"cvss_base\", value:\"9.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:C\");\n script_name(\"SLES9: Security update for Linux kernel\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"um-host-kernel\", rpm:\"um-host-kernel~2.6.5~7.276\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:19", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1858", "CVE-2006-3626", "CVE-2006-2932", "CVE-2006-3745", "CVE-2006-4093", "CVE-2006-2444", "CVE-2006-2935", "CVE-2006-0039", "CVE-2006-3741", "CVE-2006-4535", "CVE-2006-4623", "CVE-2006-3468", "CVE-2006-2071", "CVE-2006-2936", "CVE-2005-4811", "CVE-2004-2660"], "description": " [2.6.9-42.0.3.0.2]\n -rebuilt for EL\n \n [2.6.9-42.0.3.0.1]\n -Fix bonding primary=ethX so it picks correct network [IT 101532] [ORA 5136660]\n \n [2.6.9-42.0.3]\n -fix mprotect to not allow permission subversion (Jason Baron) [190073] {CVE-2006-2071}\n -fix sys_perfmonctl() file descriptor reference count issue (Anil Keshavamurthy) [204360] {CVE-2006-3741}\n -Fix hugepage crash on failing mmap (Larry Woodman) [165345] {CVE-2005-4811}\n -sctp: create abort messages properly (Neil Horman) [204460] {CVE-2006-4535}\n -fix oops occuring from malformed ULE packet (Neil Horman) [204912] {CVE-2006-4623}\n -ipw2[12]00: restore get_wireless_stats pointer (John Linville) [198820]\n -ipw2200: accept broadcast MAC traffic 
(John Linville) [203421]\n -fix netfilter do_add_counters race (Thomas Graf) [191698] {CVE-2006-0039}\n -fix ip over atm clip_mkip may dereference freed pointer (Thomas Graf) [206265]\n -ppc64: Clear EN_ATTN bit in PPC970 HID0 (David Woodhouse) [201684] {CVE-2006-4093}\n \n [2.6.9-42.0.2]\n -sctp: Fix data overflow in iovec computation (Neil Horman) [202122]\n \n [2.6.9-42.0.1]\n -fix O_DIRECT writes to memory holes can leak a page reference (Jeff Moyer) [191736] {CVE-2004-2660}\n -fix sctp chunk length overflow (Neil Horman) [192636] {CVE-2006-1858}\n -fix possible DoS in write routine of ftdi_sio driver (Pete Zaitcev) [197610] {CVE-2006-2936}\n -fix typo in drivers/cdrom/cdrom.c (Chip Coldwell) [197670] {CVE-2006-2935}\n -Fix reboot on IBM Pizzaro machines (Bastien Nocera) [200111]\n -don't shut down on bogus filehandles from nfs clients (Eric Sandeen) [199172] {CVE-2006-3468}\n -fix for prevention of setuid/gid on /proc/\n files (Ernie Petrides) [198973] {CVE-2006-3626}\n -fix SNMP NAT netfilter memory corruption (Thomas Graf) [192632] {CVE-2006-2444}\n -fix for non-hugemem x86 DoS w/bogus %ds/%es values (Ernie Petrides) [196280] {CVE-2006-2932] ", "edition": 4, "modified": "2006-11-30T00:00:00", "published": "2006-11-30T00:00:00", "id": "ELSA-2006-0617", "href": "http://linux.oracle.com/errata/ELSA-2006-0617.html", "title": "Important kernel security update ", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:38:16", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1858", "CVE-2006-3626", "CVE-2006-2932", "CVE-2006-4093", "CVE-2006-2444", "CVE-2006-2935", "CVE-2006-0039", "CVE-2006-3741", "CVE-2006-4535", "CVE-2006-4623", "CVE-2006-4997", "CVE-2006-3468", "CVE-2006-2071", "CVE-2006-2936", "CVE-2005-4811", "CVE-2004-2660"], "description": " [2.6.9-42.0.3.0.2]\n -rebuilt for EL\n \n [2.6.9-42.0.3.0.1]\n -Fix bonding primary=ethX so it picks correct network [IT 101532] [ORA 5136660]\n \n 
[2.6.9-42.0.3]\n -fix mprotect to not allow permission subversion (Jason Baron) [190073] {CVE-2006-2071}\n -fix sys_perfmonctl() file descriptor reference count issue (Anil Keshavamurthy) [204360] {CVE-2006-3741}\n -Fix hugepage crash on failing mmap (Larry Woodman) [165345] {CVE-2005-4811}\n -sctp: create abort messages properly (Neil Horman) [204460] {CVE-2006-4535}\n -fix oops occurring from malformed ULE packet (Neil Horman) [204912] {CVE-2006-4623}\n -ipw2[12]00: restore get_wireless_stats pointer (John Linville) [198820]\n -ipw2200: accept broadcast MAC traffic (John Linville) [203421]\n -fix netfilter do_add_counters race (Thomas Graf) [191698] {CVE-2006-0039}\n -fix ip over atm clip_mkip may dereference freed pointer (Thomas Graf) [206265]\n -ppc64: Clear EN_ATTN bit in PPC970 HID0 (David Woodhouse) [201684] {CVE-2006-4093}\n \n [2.6.9-42.0.2]\n -sctp: Fix data overflow in iovec computation (Neil Horman) [202122]\n \n [2.6.9-42.0.1]\n -fix O_DIRECT writes to memory holes can leak a page reference (Jeff Moyer) [191736] {CVE-2004-2660}\n -fix sctp chunk length overflow (Neil Horman) [192636] {CVE-2006-1858}\n -fix possible DoS in write routine of ftdi_sio driver (Pete Zaitcev) [197610] {CVE-2006-2936}\n -fix typo in drivers/cdrom/cdrom.c (Chip Coldwell) [197670] {CVE-2006-2935}\n -Fix reboot on IBM Pizzaro machines (Bastien Nocera) [200111]\n -don't shut down on bogus filehandles from nfs clients (Eric Sandeen) [199172] {CVE-2006-3468}\n -fix for prevention of setuid/gid on /proc/\n files (Ernie Petrides) [198973] {CVE-2006-3626}\n -fix SNMP NAT netfilter memory corruption (Thomas Graf) [192632] {CVE-2006-2444}\n -fix for non-hugemem x86 DoS w/bogus %ds/%es values (Ernie Petrides) [196280] {CVE-2006-2932} ", "edition": 4, "modified": "2006-11-30T00:00:00", "published": "2006-11-30T00:00:00", "id": "ELSA-2006-0689", "href": "http://linux.oracle.com/errata/ELSA-2006-0689.html", "title": "Important kernel security update ", "type": "oraclelinux", "cvss": 
{"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}